aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-10-25 13:24:28 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-12-09 17:33:37 +0100
commit82c375b7c99141a5495e62060e0b7f9c97981e7e (patch)
tree586358744fba04b66da65ce83140fb7ca742f222
parent4aea835974996b2deb011024c53f4ff4329a95b5 (diff)
downloadlibssh-82c375b7c99141a5495e62060e0b7f9c97981e7e.tar.gz
libssh-82c375b7c99141a5495e62060e0b7f9c97981e7e.tar.xz
libssh-82c375b7c99141a5495e62060e0b7f9c97981e7e.zip
CVE-2019-14889: scp: Log SCP warnings received from the server
Fixes T181 Previously, warnings received from the server were ignored. With this change the warning message sent by the server will be logged. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit c75d417d06867fd792b788e6281334621c2cd335)
-rw-r--r--src/scp.c75
1 files changed, 11 insertions, 64 deletions
diff --git a/src/scp.c b/src/scp.c
index 5de0e6ff..166f3d2f 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -113,7 +113,6 @@ int ssh_scp_init(ssh_scp scp)
{
int rc;
char execbuffer[1024] = {0};
- uint8_t code;
if (scp == NULL) {
return SSH_ERROR;
@@ -157,19 +156,8 @@ int ssh_scp_init(ssh_scp scp)
}
if (scp->mode == SSH_SCP_WRITE) {
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "scp status code %ud not valid", code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
return SSH_ERROR;
}
} else {
@@ -277,7 +265,6 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode)
{
char buffer[1024] = {0};
int rc;
- uint8_t code;
char *dir = NULL;
char *perms = NULL;
@@ -303,19 +290,8 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode)
return SSH_ERROR;
}
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL, "scp status code %ud not valid",
- code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
return SSH_ERROR;
}
@@ -334,7 +310,6 @@ int ssh_scp_leave_directory(ssh_scp scp)
{
char buffer[] = "E\n";
int rc;
- uint8_t code;
if (scp == NULL) {
return SSH_ERROR;
@@ -352,18 +327,8 @@ int ssh_scp_leave_directory(ssh_scp scp)
return SSH_ERROR;
}
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL, "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL, "scp status code %ud not valid",
- code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
return SSH_ERROR;
}
@@ -395,7 +360,6 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size,
int rc;
char *file = NULL;
char *perms = NULL;
- uint8_t code;
if (scp == NULL) {
return SSH_ERROR;
@@ -422,19 +386,8 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size,
return SSH_ERROR;
}
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "scp status code %ud not valid", code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
return SSH_ERROR;
}
@@ -498,7 +451,7 @@ int ssh_scp_response(ssh_scp scp, char **response)
if (code > 2) {
ssh_set_error(scp->session, SSH_FATAL,
- "SCP: invalid status code %ud received", code);
+ "SCP: invalid status code %u received", code);
scp->state = SSH_SCP_ERROR;
return SSH_ERROR;
}
@@ -585,14 +538,8 @@ int ssh_scp_write(ssh_scp scp, const void *buffer, size_t len)
* and handle */
rc = ssh_channel_poll(scp->channel, 0);
if (rc > 0) {
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc == SSH_ERROR) {
- return SSH_ERROR;
- }
-
- if (code == 1 || code == 2) {
- ssh_set_error(scp->session, SSH_REQUEST_DENIED,
- "SCP: Error: status code %i received", code);
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
return SSH_ERROR;
}
}